4 Answers

I have used the Linksys (now Cisco Small Business, but don't let that scare you) RV042 routers to do everything you need to do with great success.

The model I went with was the RV042 which is a 4 port model for about $200 each (last I checked).

Like I said, it does everything. I connect the main office to 3 branch offices with it, using the built-in VPN to VPN between the routers. All offices are on the RV042.

It's easy to configure, 100% by web browser. I'd switch to it, even though you have the PIX now. I suspect this will save you hours of configuration in the future and hence pay for itself.

I'll use these until they stop making them. I've never had an issue with them, and have had a total of about 10 running over the years, with 4 currently. (Downsizing, fewer branch offices now.)

Site to Site VPN (to connect the remote office to the local office)

YES - I use this, IPSec, easy to configure

DHCP Server (unlike the PIX you don't pay extra for licenses)

YES - This is the DHCP for the network, up to 255 computers

Will route packets into and out of the originating interface (so home users connected to the local office by VPN can see resources on the remote office's LAN). PIX wouldn't do this.

Can't confirm this, since I don't need it, but you can set up routing rules, so likely this can be done. I had to do something similar to get workstations to see the Exchange server.

VPN Server (Vista support would be a nice plus)

YES - PPTP using the included Windows client, or IPSec using the Linksys QuickVPN (but I've had less success getting this to work)

Built-in DMZ support.

YES - has a separate WAN port for this; the 2nd WAN port can be DMZ or a second ISP connection

Web based configuration interface (would prefer one that did not have a command-line as an option as a way to guarantee everything can be configured via web)

YES - I've never used the command line for this

syslog support. So we can dump a continuous stream of logs to a PC until we need the hard-drive space and delete them.

I think so, but I've never had to do this. Looking at the logging screen, it seems like it can.

Access controls with enough power to be useful. E.g., we can block access to a site or block access entirely by MAC Addr without ever writing a single ifconfig-like line.
A website with a link to the user manual.

YES - MAC address, IP access, to sites, etc. I also don't use my ISP's DNS servers but instead use the OpenDNS ones and block access that way. You can use DHCP from your ISP and set up static DNS servers to override your ISP's. I've blocked specific computers while giving the rest of the office access.

Most SMB products have the features you describe. I think even the newer versions of the Cisco PIX have web-based configuration interfaces, but they're not quite as slick as those from companies that engineered their products from the ground up to be used by SMBs.

I would still recommend you stick with the Cisco product. I realize it has several features that you don't say you need, but you get a level of reliability that is second to none. You could go for something like a Cisco ASA 5505, which isn't very expensive, relatively speaking. The ASDM interface is quite easy to use. With your attempted CCNA, you probably have an advantage over many people who have set up devices like this in the past. The Cisco VPN client is compatible with Vista but is a bit finicky. Running a site-to-site VPN between your remote offices would allow you to share resources between the offices and with home users that VPN in.

That's my opinion, for exactly what it is: an opinion. I have 2 5505s that have at least 6 months of uptime at the moment, and that's what I am basing this recommendation on.

A Cisco PIX is overkill for many scenarios -- but since you have it in-house -- I would recommend keeping it in place. That being said -- if the maintenance cost (having someone configure it for you) makes it worth replacing with a SOHO router, and you are aware of the tradeoffs of that, and comfortable with SOHO performance and occasional reboots, then go for it.